/**
 * NativeWebCryptoService
 * Web Crypto API implementation for v1 crypto flow with X25519/ECDH P-256, HKDF, multi-layer wrapping
 */
import type { AlgorithmInfo, EncryptedKeyset, KeysetData } from "./types";
/**
 * Error thrown during cryptographic operations
 */
export declare class CryptoError extends Error {
    constructor(message: string);
}
export declare class NativeWebCryptoService {
    private _algorithmInfo;
    private _isSafari;
    constructor();
    /**
     * Detect Safari browser (including iOS browsers)
     * Safari has IndexedDB issues with X25519 CryptoKeys
     */
    private _detectSafari;
    /**
     * Version property - identifies this crypto service implementation
     */
    get version(): string;
    /**
     * Sign a challenge with Ed25519 private key
     */
    signChallenge(privateKey: CryptoKey, challenge: Uint8Array): Promise<Uint8Array>;
    /**
     * Encrypt keyset using AES-GCM (v1 crypto flow)
     */
    encryptKeyset(symkey: Uint8Array, keysetData: KeysetData): Promise<EncryptedKeyset>;
    /**
     * Hash hindex using SHA-256
     */
    hashHindex(hindex: string): Promise<string>;
    /**
     * Hash public key bytes using SHA-256
     */
    hashPublicKey(publicKeyBytes: Uint8Array): Promise<Uint8Array>;
    /**
     * Convert bytes to base64 string
     */
    toBase64(bytes: Uint8Array): string;
    /**
     * Convert bytes to hex string
     */
    toHex(bytes: Uint8Array): string;
    /**
     * Generate cryptographically secure random bytes
     */
    randomBytes(length: number): Uint8Array;
    /**
     * Export raw public key from CryptoKey
     */
    exportRawPublicKey(publicKey: CryptoKey): Promise<Uint8Array>;
    /**
     * Detect available algorithm by actually testing IndexedDB storage
     * More reliable than user agent detection - tests actual capability
     * Safari: Will fail to store X25519 in IndexedDB, so we use ECDH P-256
     * Other browsers: X25519 stores successfully, so we use it (faster, smaller keys)
     */
    detectAlgorithm(): Promise<AlgorithmInfo>;
    /**
     * Test if X25519 CryptoKeys can actually be stored in IndexedDB
     * Safari allows X25519 generation but fails on IndexedDB storage
     * More reliable than user agent detection - tests actual capability
     */
    private _testX25519Storage;
    /**
     * Perform the actual storage test
     */
    private _performStorageTest;
    /**
     * Verify that the stored key can be retrieved
     */
    private _verifyStorage;
    /**
     * Clean up test database
     */
    private _cleanupTestDB;
    /**
     * Generate non-extractable User App Key (UAK)
     * Returns full keyPair (like Ed25519) for Safari-safe storage
     */
    generateUAK(algorithm: string, curve: string): Promise<CryptoKeyPair>;
    /**
     * Generate ephemeral peer key pair for DH key exchange
     */
    generatePeerKeyPair(algorithm: string, curve: string): Promise<CryptoKeyPair>;
    /**
     * Derive shared secret using Diffie-Hellman
     */
    deriveSharedSecret(uak: CryptoKey, peerPublicKey: CryptoKey): Promise<CryptoKey>;
    /**
     * Derive shared secret bits for use in HKDF
     */
    deriveSharedSecretBits(uak: CryptoKey, peerPublicKey: CryptoKey, length?: number): Promise<ArrayBuffer>;
    /**
     * Derive key using HKDF
     */
    deriveHKDFKey(sharedSecret: CryptoKey, salt: Uint8Array, info: Uint8Array, length?: number): Promise<CryptoKey>;
    /**
     * Derive bits using HKDF
     */
    deriveHKDFBits(sharedSecret: CryptoKey, salt: Uint8Array, info: Uint8Array, length?: number): Promise<ArrayBuffer>;
    /**
     * Wrap a CryptoKey using AES-GCM
     */
    wrapKey(format: KeyFormat, key: CryptoKey, wrappingKey: CryptoKey, iv: Uint8Array): Promise<ArrayBuffer>;
    /**
     * Unwrap a CryptoKey using AES-GCM
     */
    unwrapKey(format: KeyFormat, wrappedKey: ArrayBuffer, unwrappingKey: CryptoKey, iv: Uint8Array, unwrappedKeyAlgorithm: AlgorithmIdentifier, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey>;
    /**
     * Generate device fingerprint
     */
    generateDeviceFingerprint(hds: Uint8Array, bui: string, osType: string): Promise<Uint8Array>;
    /**
     * Generate Hash-Index H(I)
     */
    generateHashIndex(salt1: Uint8Array, salt2: Uint8Array, sk2Bits: ArrayBuffer, combinedprs: ArrayBuffer, peerPublicKeyJWK: JsonWebKey, ssBits: ArrayBuffer, userid: string, domainName: string, dfp: Uint8Array): Promise<Uint8Array>;
    /**
     * Get Safari detection result (for testing purposes)
     */
    get isSafari(): boolean;
}